WHAT IS CLAIMED IS:



1. A method of allowing an employee associated with a first enterprise to access a first Intranet owned by the first enterprise from a computing device located within a semiconductor fabrication facility in which a plurality of client systems located within said facility are connected to a second Intranet using a first physical connection type, said fabrication facility, plurality of client systems and second Intranet all being owned by a second enterprise, said method comprising:

connecting said computing device to said second Intranet through a node using a second physical connection type that is different from said first physical connection type;

establishing an isolation pipe through said second private Intranet between said node and a hub using virtual private network technology;

generating a request to logon to said first Intranet from said computing device;

formatting said request in a secure Internet protocol such that said request is broken up into multiple standard Internet packets, where each packet includes at least a network transmission header portion and an encrypted data portion; and

transmitting said formatted request through said isolation pipe over said second Intranet to said hub and then through a firewall and over the public Internet to said first Intranet.

2. The method of claim 1 wherein said formatted request is received at the first private Intranet.

3. The method of claim 1 wherein said formatted request is transmitted through said isolation pipe using a tunneling protocol selected from the group consisting of: layer 2 tunneling protocol, point-to-point tunneling protocol, layer 2 forwarding and generic routing encapsulation.

4. The method of claim 1 wherein said formatted request is encrypted using a Secure Sockets Layer (SSL) encryption protocol.

5. The method of claim 5 wherein both the network transmission header and already encrypted data portions of each packet associated with said formatted request are encrypted at said node using a VPN-level encryption protocol prior to being transmitted through said isolation pipe and then decrypted at said hub/firewall such that the header is unencrypted and the data portion is encrypted using only the SSL protocol prior to being transmitted over the public Internet.

6. The method of claim 1 wherein said first enterprise is a semiconductor equipment manufacturer.

7. The method of claim 1 wherein said computing device is connected to said second Intranet from inside a cleanroom.

8. In a customer network comprising a plurality of customer client systems, at least one customer server system and a customer firewall where said plurality of customer client systems are communicatively coupled to said server system using a first physical connection type, said server system is communicatively coupled to said firewall and said customer firewall is communicatively coupled to a public network, a method of allowing end-to-end secure communication from a supplier client system located behind said firewall to a supplier server system accessible over said public network, said method comprising:

connecting said supplier client system to said customer network using a second physical connection type that is different from said first physical connection type;

establishing an isolation pipe between said supplier client system and a server system of said customer network through use of a tunneling protocol;

transmitting data from said supplier client system through said customer network and towards said firewall using said isolation pipe;

transmitting said data from said customer firewall to said public network; and

receiving said data at said supplier server system.

9. The method of claim 8 further comprising:

in response to receiving said data at said supplier server system, transmitting data from said supplier server system to said supplier client system.

10. The method of claim 9 wherein the public network is the Internet and wherein data from said supplier system that is transmitted through said customer network is formatted in a secure Internet protocol such that said data is broken up into multiple standard Internet packets, where each packet includes at least a network transmission header portion and an encrypted data portion.

11. The method of claim 10 wherein said secure Internet protocol is the Secure Sockets Layer (SSL) protocol.

12. The method of claim 11 wherein said isolation pipe through said customer network is established by a virtual private network hub and a virtual private network node and said supplier client system is connected to said customer network through said virtual private network hub.

13. A method for allowing end-to-end secure communication over a public network from a client system located behind a firewall of a first private network to a server system associated with a second private network, said method comprising:

authenticating communication between said client system and a wireless access point of said first private network;

thereafter, generating, from said client system, a request for a Web page stored on said server system;

transmitting said request from said client system to server system by routing said request through said first private network, over said public network and then to said second private network, wherein said request is routed through said first private network, in order, from said client system, to said wireless access point, to a virtual private network node, to a virtual private network hub, and through said firewall and wherein said request is routed from said virtual private network node to said virtual private network hub using a tunneling protocol.

14. The method of claim 13 wherein said client system is located in a cleanroom of a semiconductor fabrication facility and said wireless access point is located outside said cleanroom.

15. A networked system comprising:

a private communication network;

a supplier client system coupled to the private network;

a firewall coupled to the network, said firewall providing security features that enable said private network to connect to a public network; and

a virtual private network system, coupled to the private network;

wherein said virtual private network system is configured to:

receive a request from said supplier client system for viewing a desired Web page sent over the public network, create a secure pipeline within said private communication network tunnel to transmit said request from said supplier client system to said firewall and transmit said desired Web page from said Internet through said firewall to said supplier client system.

16. The system of claim 15 wherein said supplier client system is configured to generate said request in a secure Internet protocol such that said request is broken up into multiple standard Internet packets, where each packet includes at least a network transmission header portion and an encrypted data portion.

17. The system of claim 16 wherein said virtual private network system comprises at least a VPN node and a VPN hub, and wherein said supplier client system is coupled to said private network through said VPN node and said VPN node directs communications through said private network directly to said VPN hub.

18. The system of claim 17 wherein said VPN node is configured to transmit only requests generated in said secure Internet protocol to said VPN hub.

19. The system of claim 18 wherein said secure Internet protocol is the Secure Sockets Layer (SSL) protocol.

20. A networked system comprising:

a private communication network;

a virtual private network (VPN) node coupled to said private network;

a supplier client system coupled to the private network through said VPN node;

a VPN hub coupled to said private network, wherein said VPN node and VPN hub are configured to create an isolation pipe therebetween within said private network;

a firewall coupled to the private network, to said VPN hub and to a public network, said firewall providing security features that enable said private network to connect to the public network.

21. The networked system of claim 20 wherein:

said VPN node is configured to receive a request from said supplier client system for viewing a desired Web page sent over the public network and pass said request on to said VPN hub using a tunneling protocol;

said VPN hub is configured to pass said request from said VPN node towards said firewall; and

said firewall is configured to transmit said request over said public network.

22. The system of claim 21 wherein said VPN node is configured to 
transmit only requests generated in said secure Internet protocol to said VPN hub. 

23. The system of claim 22 wherein said secure Internet protocol is the Secure Sockets Layer (SSL) protocol.